CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2012-6325
https://notcve.org/view.php?id=CVE-2012-6325
VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. VMware vCenter Server Appliance (vCSA) v5.0 anteriores a Update 2 no analiza correctamente la sintaxis de los documentos XML, permitiendo que usuarios remotos autenticados accedan a ficheros de su elección mediante vectores de ataque no especificados. • http://www.vmware.com/security/advisories/VMSA-2012-0018.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0CVE-2011-0527
https://notcve.org/view.php?id=CVE-2011-0527
VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords. VMware vFabric tc Server (también conocido como SpringSource tc Server) v2.0.x anterior a v2.0.6.RELEASE y v2.1.x anterior a v2.1.2.RELEASE acepta passwords ofuscados durante la autenticación JMX, lo que hace más fácil para atacantes dependientes del contexto obtener acceso mediante la lectura contraseñas almacenadas. • http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0122.html http://securitytracker.com/id?1025923 http://www.securityfocus.com/bid/49122 http://www.springsource.com/security/cve-2011-0527 https://exchange.xforce.ibmcloud.com/vulnerabilities/69156 • CWE-287: Improper Authentication •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2010-2928
https://notcve.org/view.php?id=CVE-2010-2928
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file. La aplicación vCenter Tomcat Management en VMware vCenter Server v4.1 anterior a Update 1, almacena credenciales de inicio de sesión en un archivo de configuración, que permite a usuarios locales obtener privilegios mediante la lectura de este archivo. • http://osvdb.org/70859 http://secunia.com/advisories/43307 http://securityreason.com/securityalert/8079 http://www.securityfocus.com/archive/1/516397/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html • CWE-255: Credentials Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 16EXPL: 0CVE-2010-4296
https://notcve.org/view.php?id=CVE-2010-4296
vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files. vmware-mount en VMware Workstation 7.x anteriores a la 7.1.2 build 301548 en Linux, VMware Player 3.1.x anteriores a la 3.1.2 build 301548 en Linux, VMware Server 2.0.2 en Linux, y VMware Fusion 3.1.x anteriores a la 3.1.2 build 332101 no carga apropiadamente las librerías, lo que permite a los usuarios del SO base escalar privilegios a través de vectores que involucran ficheros objeto compartidos. • http://lists.vmware.com/pipermail/security-announce/2010/000112.html http://osvdb.org/69584 http://secunia.com/advisories/42453 http://secunia.com/advisories/42482 http://www.securityfocus.com/archive/1/514995/100/0/threaded http://www.securityfocus.com/bid/45168 http://www.securitytracker.com/id?1024819 http://www.securitytracker.com/id?1024820 http://www.vmware.com/security/advisories/VMSA-2010-0018.html http://www.vupen.com/english/advisories/2010/3116 • CWE-863: Incorrect Authorization •
CVSS: 9.3EPSS: 11%CPEs: 34EXPL: 0CVE-2010-4294
https://notcve.org/view.php?id=CVE-2010-4294
The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file. La funcionalidad de descompresión de tramas ("frames") en el codec VMnc media de VMware Movie Decoder en versiones anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548, VMware Workstation 6.5.x anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548 en Windows, VMware Player 2.5.x anteriores a la 2.5.5 build 246459 y 3.x anteriores a la 3.1.2 build 301548 en Windows, y VMware Server 2.x en Windows no valida apropiadamente un campo de tamaño sin especificar, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de la memoria dinámica) a través de un archivo de vídeo modificado. • http://lists.vmware.com/pipermail/security-announce/2010/000112.html http://osvdb.org/69596 http://secunia.com/advisories/42482 http://www.securityfocus.com/archive/1/514995/100/0/threaded http://www.securityfocus.com/bid/45169 http://www.securitytracker.com/id?1024819 http://www.vmware.com/security/advisories/VMSA-2010-0018.html http://www.vupen.com/english/advisories/2010/3116 • CWE-94: Improper Control of Generation of Code ('Code Injection') •